1147 clowder 2 helm chart clean up (#1148)

* turn off unecessary ingress for minio and rabbitmq

* remove default tls host

* slight update the secret read

* use the wrong secretname

* add more gitignore

* take out default extractors in the default values

* allow backend env to be overwritten by value files with default

* add quote to number and boolean

* allow environment variable setting in heartbeat and message extractors

* extractor doesn't need to be commented out; add message and heartbeat

* use fullname for matching labels

* typo

* allow use existing secret and secret keys

* duplicate rabbitmq pass

Author: longshuicy

.gitignore

@@ -59,6 +59,7 @@ scripts/keycloak/data/*
 # ignore clowder chart deps
 deployments/kubernetes/charts/clowder2/charts
 deployments/kubernetes/charts/clowder2/*clowder2-software-dev.yaml
+*secret*.yaml
 
 # Environments
 .env

deployments/kubernetes/charts/clowder2/templates/NOTES.txt

@@ -15,7 +15,7 @@
   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "clowder2.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
   echo http://$SERVICE_IP:{{ .Values.frontend.service.port }}
 {{- else if contains "ClusterIP" .Values.frontend.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "clowder2.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "clowder2.fullname" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
   echo "Visit http://127.0.0.1:8080 to use your application"
   kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT

deployments/kubernetes/charts/clowder2/templates/_helpers.tpl

@@ -46,7 +46,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 Selector labels
 */}}
 {{- define "clowder2.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "clowder2.name" . }}
+app.kubernetes.io/name: {{ include "clowder2.fullname" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 

deployments/kubernetes/charts/clowder2/templates/backend/deployment.yaml

@@ -10,7 +10,7 @@ spec:
   {{- end }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "clowder2.name" . }}-backend
+      app.kubernetes.io/name: {{ include "clowder2.fullname" . }}-backend
       app.kubernetes.io/instance: {{ .Release.Name }}
   template:
     metadata:
@@ -19,7 +19,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        app.kubernetes.io/name: {{ include "clowder2.name" . }}-backend
+        app.kubernetes.io/name: {{ include "clowder2.fullname" . }}-backend
         app.kubernetes.io/instance: {{ .Release.Name }}
     spec:
       {{- with .Values.imagePullSecrets }}
@@ -39,25 +39,31 @@ spec:
             - name: WEB_CONCURRENCY
               value: "1"
             - name: MINIO_SERVER_URL
-              value: {{ include "clowder2.name" . }}-minio:9000
-#              value: {{ include "clowder2.name" . }}-minio-headless:9000
+              value: {{ .Values.backend.env.MINIO_SERVER_URL }}
             - name: MINIO_EXTERNAL_SERVER_URL
               value: minio-api.{{ .Values.hostname }}
             - name: MINIO_SECURE
-              value: "true"
+              value: {{ .Values.backend.env.MINIO_SECURE | quote }}
             - name: MINIO_BUCKET_NAME
-              value: clowder
+              value: {{ .Values.backend.env.MINIO_BUCKET_NAME }}
             - name: MINIO_ACCESS_KEY
               value: {{ .Values.minio.auth.rootUser }}
             - name: MINIO_SECRET_KEY
+              {{- if .Values.backend.existingSecret }}
               valueFrom:
                 secretKeyRef:
-                  name: clowder2-minio
+                  name: {{ .Values.backend.existingSecret }}
+                  key: {{ .Values.backend.existingMinioSecretKey | default "root-password" }}
+              {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "clowder2.fullname" . }}-minio
                   key: root-password
+              {{- end }}
             - name: MINIO_UPLOAD_CHUNK_SIZE
-              value: "10485760"
+              value: {{ .Values.backend.env.MINIO_UPLOAD_CHUNK_SIZE | quote}}
             - name: MONGODB_URL
-              value: mongodb://{{ include "clowder2.name" . }}-mongodb:27017
+              value: {{ .Values.backend.env.MONGODB_URL }}
             - name: MONGO_DATABASE
               value: {{ .Values.mongodb.database }}
             - name: CLOWDER2_URL
@@ -73,37 +79,43 @@ spec:
             - name: auth_url
               value: $(CLOWDER2_URL)/keycloak/realms/clowder/protocol/openid-connect/auth?client_id=clowder2-backend&response_type=code
             - name: oauth2_scheme_auth_url
-              value: http://{{ include "clowder2.name" .}}-keycloak-headless:8080/keycloak/realms/clowder/protocol/openid-connect/auth?client_id=clowder2-backend&response_type=code
+              value: {{ .Values.backend.env.oauth2_scheme_auth_url }}
             - name: auth_register_url
-              value: $(CLOWDER2_URL)/keycloak/realms/clowder/protocol/openid-connect/registrations?client_id=clowder2-backend&response_type=code&redirect_uri=$(auth_redirect_uri)&scope=openid%20email
+              value: $(CLOWDER2_URL){{ .Values.backend.env.auth_register_url }}
             - name: auth_token_url
-              value: http://{{ include "clowder2.name" .}}-keycloak-headless:8080/keycloak/realms/clowder/protocol/openid-connect/token
+              value: {{ .Values.backend.env.auth_token_url }}
             - name: auth_server_url
               value: $(CLOWDER2_URL)/keycloak/
             - name: keycloak_base
               value: $(CLOWDER2_URL)/api
             - name: frontend_url
               value: $(CLOWDER2_URL)
             - name: elasticsearch_url
-              value: http://{{ include "clowder2.name" . }}-elasticsearch:9200
+              value: {{ .Values.backend.env.elasticsearch_url }}
             - name: elasticsearch_no_of_shards
               value: "5"
             - name: elasticsearch_no_of_replicas
               value: "5"
             - name: RABBITMQ_USER
               value: {{ .Values.rabbitmq.auth.username }}
             - name: RABBITMQ_PASS
+              {{- if .Values.backend.existingSecret }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.backend.existingSecret }}
+                  key: {{ .Values.backend.existingRabbitMQSecretKey | default "rabbitmq-password" }}
+              {{- else }}
               valueFrom:
                 secretKeyRef:
-                  name: clowder2-rabbitmq
+                  name: {{ include "clowder2.fullname" . }}-rabbitmq
                   key: rabbitmq-password
+              {{- end }}
             - name: RABBITMQ_HOST
-              value: {{ include "clowder2.name" .  }}-rabbitmq
+              value: {{ .Values.backend.env.RABBITMQ_HOST }}
             - name: HEARTBEAT_EXCHANGE
               value: "extractors"
             - name: API_HOST
-#              value: $(CLOWDER2_URL)
-              value: http://{{ include "clowder2.name" . }}-backend:{{ .Values.backend.service.port }}
+              value: {{ .Values.backend.env.API_HOST }}
           ports:
             - name: http
               containerPort: 80

deployments/kubernetes/charts/clowder2/templates/backend/ingress.yaml

@@ -21,7 +21,6 @@ spec:
   {{- if .Values.ingress.tls }}
   tls:
     - hosts:
-        - {{ .Values.hostname }}
     {{- range .Values.ingress.tls }}
         {{- range .hosts }}
         - {{ . | quote }}

deployments/kubernetes/charts/clowder2/templates/extractors/deployment.yaml

@@ -38,10 +38,17 @@ spec:
             - name: RABBITMQ_USER
               value: {{ $.Values.rabbitmq.auth.username }}
             - name: RABBITMQ_PASS
+              {{- if $val.existingSecret }}
               valueFrom:
                 secretKeyRef:
-                  name: clowder2-rabbitmq
+                  name: {{ $val.existingSecret }}
+                  key: {{ $val.existingRabbitMQSecretKey | default "rabbitmq-password" }}
+              {{- else }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $fullname }}-rabbitmq
                   key: rabbitmq-password
+              {{- end }}
             - name: CLOWDER_VERSION
               value: "2"
             - name: RABBITMQ_URI

deployments/kubernetes/charts/clowder2/templates/frontend/deployment.yaml

@@ -10,7 +10,7 @@ spec:
   {{- end }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "clowder2.name" . }}-frontend
+      app.kubernetes.io/name: {{ include "clowder2.fullname" . }}-frontend
       app.kubernetes.io/instance: {{ .Release.Name }}
   template:
     metadata:
@@ -19,7 +19,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        app.kubernetes.io/name: {{ include "clowder2.name" . }}-frontend
+        app.kubernetes.io/name: {{ include "clowder2.fullname" . }}-frontend
         app.kubernetes.io/instance: {{ .Release.Name }}
     spec:
       {{- with .Values.imagePullSecrets }}

deployments/kubernetes/charts/clowder2/templates/frontend/ingress.yaml

@@ -21,7 +21,6 @@ spec:
   {{- if .Values.ingress.tls }}
   tls:
     - hosts:
-        - {{ .Values.hostname }}
     {{- range .Values.ingress.tls }}
         {{- range .hosts }}
         - {{ . | quote }}

deployments/kubernetes/charts/clowder2/templates/geoserver/deployment.yaml

@@ -9,14 +9,14 @@ spec:
   replicas: {{ .Values.geoserver.replicaCount }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "clowder2.name" . }}-geoserver
+      app.kubernetes.io/name: {{ include "clowder2.fullname" . }}-geoserver
       app.kubernetes.io/instance: {{ .Release.Name }}
   strategy:
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: {{ include "clowder2.name" . }}-geoserver
+        app.kubernetes.io/name: {{ include "clowder2.fullname" . }}-geoserver
         app.kubernetes.io/instance: {{ .Release.Name }}
     spec:
       {{- with .Values.imagePullSecrets }}
@@ -29,15 +29,19 @@ spec:
           imagePullPolicy: {{ .Values.geoserver.image.pullPolicy }}
           env:
             - name: GEOSERVER_ADMIN_USER
+              value: {{ .Values.geoserver.username }}
+            - name: GEOSERVER_ADMIN_PASSWORD
+              {{- if .Values.geoserver.existingSecret }}
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "clowder2.fullname" . }}-services
-                  key: GEOSERVER_USER
-            - name: GEOSERVER_ADMIN_PASSWORD
+                  name: {{.Values.geoserver.existingSecret }}
+                  key: {{.Values.geoserver.existingGeoserverSecretKey | default "GEOSERVER_PW" }}
+              {{- else }}
               valueFrom:
                 secretKeyRef:
-                  name: {{ include "clowder2.fullname" . }}-services
+                  name: {{include "clowder2.fullname" . }}-services
                   key: GEOSERVER_PW
+              {{- end }}
           ports:
             - containerPort: 8080
               name: geoserver

deployments/kubernetes/charts/clowder2/templates/geoserver/service.yaml

@@ -13,6 +13,6 @@ spec:
       targetPort: geoserver
       protocol: TCP
   selector:
-    app.kubernetes.io/name: {{ include "clowder2.name" . }}-geoserver
+    app.kubernetes.io/name: {{ include "clowder2.fullname" . }}-geoserver
     app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}